OWASP Developer Guide

Coraza Web Application Firewall

9.2 Coraza Web Application Firewall

The OWASP Coraza project provides a golang enterprise-grade Web Application Firewall framework that supports the ModSecurity seclang language and is completely compatible with the OWASP Core Rule Set (CRS). Coraza is in active development as an OWASP Production code project, with the first stable version released in September 2021 and several releases since then.

What is Coraza?

The Coraza Web Application Firewall framework is used to enforce policies, providing a first line of defense to stop attack on web applications and servers. Coraza can be configured using the OWASP Core Rule Set and also custom policies can be created.

Coraza can be deployed:

  • as a library in an existing web server
  • within an application server acting as a WAF
  • as a reverse proxy
  • using a docker container

Why use Coraza?

Web Application Firewalls are usually the first line of defense against HTTP attacks on web applications and servers. The Coraza WAF is widely used for providing this security, especially for cloud applications, along with the original OWASP ModSecurity WAF.

How to use Coraza

The best way to start is to create a Coraza WAF instance and then add rules to this WAF, following the Coraza Quick Start tutorial.

There are multiple ways of running Coraza, and the one chosen will depend on an individual organization’s deployment:

  • Coraza SPOA connector runs the Coraza WAF as a backing service for HAProxy
  • Coraza Caddy Module provides Web Application Firewall capabilities for Caddy
  • the Coraza Proxy WASM filter can be loaded directly from Envoy or used as an Istio plugin
  • Coraza as a C library, used for applications written in C rather than golang

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.